Wikimedia Foundation finds and fixes critical vulnerability in Wikipedia

The possibility of Wikipedia being taken over by attackers was just foiled by quick action on the part of Wikimedia Foundation, the nonprofit that operates Wikipedia, with the help of Check Point, the security firm that discovered the critical security hole in its code. “It is conceivable that someone who discovered this vulnerability could have executed code that may have made it possible to access user data,” says Wikimedia Foundation spokesman Jay Walsh. 

The Wikimedia Foundation, authors of the MediaWiki software used by Wikipedia and many other sites, has issued a fix for a critical remote code execution vulnerability in that program. The bug was reported to them recently by Check Point Software. This vulnerability affects all versions of MediaWiki from 1.8 onwards as well as earlier supported versions prior to 1.21.5 and 1.22.2. According to the report on the bug in the Wikimedia bug database, “Shell meta characters can be passed in the page parameter to the thumb.php.” This would allow any remote user to execute shell code on the MediaWiki application server.
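The bug class quoted from the report, shown as an added PHP example that is not MediaWiki's code or its actual fix: a request value concatenated into a shell command line, beside a version that validates the page number and quotes every argument. The `render-page` command, the file path and all function names are hypothetical, and the request values are constructed.

```php
<?php
// Added example, not MediaWiki code. "render-page" and all function names
// are hypothetical stand-ins for a thumbnailer that shells out to a renderer.

// Unsafe pattern: the request value is concatenated into a shell command
// line, so the shell interprets characters such as ; | & ` $ in it.
function buildCommandUnsafe(string $file, string $page): string
{
    return 'render-page --page=' . $page . ' ' . $file;
}

// Accept only a plain decimal page number in the range 1..99999.
// \z (not $) stops a trailing newline from slipping through.
function parsePage(string $raw): int
{
    if (preg_match('/^[1-9][0-9]{0,4}\z/', $raw) !== 1) {
        throw new InvalidArgumentException('page must be an integer from 1 to 99999');
    }
    return (int) $raw;
}

// Hardened pattern: validate first, then quote every argument anyway so a
// later change to the validation cannot reopen the hole.
function buildCommandSafe(string $file, string $rawPage): string
{
    $page = parsePage($rawPage);
    return 'render-page --page=' . escapeshellarg((string) $page)
        . ' ' . escapeshellarg($file);
}

// Constructed request values; nothing is executed, the strings are only printed.
$file = '/srv/uploads/Report.pdf';
foreach (['3', '03', '', "4\n", '1;echo INJECTED'] as $raw) {
    $shown = json_encode($raw);
    try {
        echo "$shown accepted: ", buildCommandSafe($file, $raw), "\n";
    } catch (InvalidArgumentException $e) {
        echo "$shown rejected: ", $e->getMessage(), "\n";
    }
}
// The unsafe builder passes the separator straight through to the shell.
echo buildCommandUnsafe($file, '1;echo INJECTED'), "\n";
```

Where the runtime allows it, passing the command as an argument array to `proc_open` (PHP 7.4 and later) avoids the shell entirely and removes the need for quoting.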
